  1. <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
  2.  
  3. class Agents extends MY_Controller {
  4.  
  5. function __construct()
  6. {
  7. parent::__construct();
  8.  
  9. $this->check_login();
  10. }
  11.  
  12. function index(){}
  13.  
  14. function view($agent_id = NULL)
  15. {
  16. $agent = User::find_by_id($agent_id);
  17.  
  18. /* There are 3 reasons why the Agent might not be found from the ID provided:
  19. * 1. No agent exists that corresponds to the ID provided
  20. * 2. The agent that corresponds to the given ID was deleted (in which case that Agent will not exist)
  21. * 3. The ID provided was invalid, such as if a string was passed or if no ID was provided (in which case it would be NULL)
  22. * To best handle this, set an error message and redirect to home page
  23. */
  24. if(!$agent)
  25. {
  26. $this->session->set_flashdata('cryptbox_message', $this->generate_cryptbox_message('error', 'We could not find an agent with this ID.'));
  27. redirect();
  28. }
  29.  
  30. $this->view_data['agent'] = $agent;
  31. $this->view_data['dealerships'] = Dealership::find_all_by_user_id($agent->id);
  32.  
  33.  
  34. if($agent_id === NULL)
  35. {
  36. redirect();
  37. }
  38.  
  39. //CHECK FOR PERMISSIONS
  40. $allow_permission = FALSE;
  41.  
  42. //If allowed to see all agents, grant permission.
  43. if($this->LOGGED_IN_USER->group->view_all_agents)
  44. {
  45. $allow_permission = TRUE;
  46. }
  47.  
  48. //If only allowed to see agents within agency, AND this agent is part of his own agency, allow access
  49. if($this->LOGGED_IN_USER->group->view_agents_within_agency)
  50. {
  51. $agent = User::find_by_id($agent_id); //we need to find out what the agency ID of this agent is.
  52. if($agent->agency_id == $this->LOGGED_IN_USER->agency_id)
  53. {
  54. $allow_permission = TRUE;
  55. }
  56. }
  57.  
  58. //If this agent is himself, allow access
  59. if($this->LOGGED_IN_USER->group->view_own_agent)
  60. {
  61. $allow_permission = TRUE;
  62. }
  63.  
  64. // At this point, if the user doesn't have permission, don't allow him to be here.
  65. if(! $allow_permission)
  66. {
  67. $this->session->set_flashdata('cryptbox_message', CRYPTBOX_MESSAGE_PERM_DENIED);
  68. redirect();
  69. }
  70.  
  71. //Determine what tab to display in the output page based on HTTP GET. If none is set in HTTP GET, default to index.
  72. $tab = isset($_GET['tab']) ? $_GET['tab'] : '';
  73. switch($tab)
  74. {
  75. case 'dealerships':
  76. $this->view_data['tab'] = "dealerships";
  77. break;
  78. case 'edit':
  79. $this->view_data['tab'] = "edit";
  80.  
  81. if($_POST)
  82. {
  83. if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) &&
  84. strlen($_POST['first_name']) > 0 &&
  85. strlen($_POST['last_name']) > 0 &&
  86. strlen($_POST['address_street']) > 0 &&
  87. strlen($_POST['address_city']) > 0 &&
  88. strlen($_POST['address_zip']) > 0 &&
  89. strlen($_POST['phone']) > 0
  90. ){
  91. $agent = User::find_by_id($agent_id);
  92. $agent->email = $_POST['email'];
  93. $agent->first_name = $_POST['first_name'];
  94. $agent->last_name = $_POST['last_name'];
  95. $agent->address_street = $_POST['address_street'];
  96. $agent->address_city = $_POST['address_city'];
  97. $agent->address_state = $_POST['address_state'];
  98. $agent->address_zip = $_POST['address_zip'];
  99. $agent->phone = $_POST['phone'];
  100. $agent->save();
  101.  
  102. $this->session->set_flashdata('cryptbox_message', CRYPTBOX_MESSAGE_FORM_SUCCESS);
  103. redirect('agents/view/' . $agent_id);
  104. }
  105. }
  106.  
  107. break;
  108. case 'change_password':
  109. $this->view_data['tab'] = "change_password";
  110.  
  111. if($_POST) //Form was submitted for password change.
  112. {
  113.  
  114. //New password must be same as old one, and new password must be valid
  115. if($this->validate_password($this->LOGGED_IN_USER->password, $_POST['old_password']) &&
  116. preg_match('/^.*(?=.{8,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$/', $_POST['new_password']) &&
  117. $_POST['new_password'] == $_POST['new_password_confirmation']
  118. ){
  119. $user = User::find_by_id($this->LOGGED_IN_USER->id);
  120. $user->password = $this->encrypt_password($_POST['new_password']);
  121. $user->save();
  122.  
  123. $this->session->set_flashdata('cryptbox_message', CRYPTBOX_MESSAGE_FORM_SUCCESS);
  124. redirect('users/my_profile');
  125. }
  126. else if($this->validate_password($this->LOGGED_IN_USER->password, $_POST['old_password'])){ //if the password is invalid, create a variable to sent to the view to display this error
  127. $this->view_data['old_password_invalid'] = TRUE;
  128. }
  129. }
  130.  
  131. break;
  132. case 'delete':
  133. $this->view_data['tab'] = "delete";
  134.  
  135. $agent = User::find_by_id($agent_id);
  136. if(isset($_POST['confirm'])) //confirm deletion
  137. {
  138. //first we need to get all dealerships to delete them
  139. $dealerships = Dealership::find_all_by_user_id($agent->id);
  140. foreach($dealerships as $dealership)
  141. {
  142. //now we need to get all locations to delete them
  143. $locations = Location::find_all_by_dealership_id($dealership->id);
  144. foreach($locations as $location)
  145. {
  146. $location->delete();
  147. }
  148. $dealership->delete();
  149. }
  150. $agent->delete();
  151.  
  152. if($this->LOGGED_IN_USER->id == $agent->id) //If user is deleting his own account, log him out
  153. redirect('users/logout');
  154.  
  155. $this->session->set_flashdata('cryptbox_message', CRYPTBOX_MESSAGE_FORM_SUCCESS);
  156. redirect();
  157. }
  158.  
  159. if(isset($_POST['cancel'])) //Cancel deletion
  160. {
  161. redirect('agents/view/' . $agent_id);
  162. }
  163.  
  164. break;
  165. default:
  166. $this->view_data['tab'] = "index";
  167. break;
  168. }
  169.  
  170.  
  171. }
  172.  
  173. }